MEDIUM
Phpmailer Project
CVE published 2017-01-16
CVE-2017-5223
CVE-2017-5223 is a local information disclosure issue in PHPMailer versions before 5.2.22. The risk arises when an application calls msgHTML() on unfiltered, user-supplied HTML and does not set a base directory. In that case, relative image URLs may be resolved as local file paths and attached, which can expose local content. The issue is medium severity, but it is most important wherever PHPMailer is use [truncated]
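A triage check for the two conditions described above, as an added example (not PHPMailer's code or anything from the advisory): it flags a `composer.lock` that pins PHPMailer below 5.2.22 and finds `msgHTML()` calls that pass no base directory argument. The function names and sample inputs are constructed for illustration. It assumes the standard `composer.lock` layout and that the base directory is the second argument to `msgHTML()`.

```python
import json
import re

FIXED = (5, 2, 22)  # first unaffected release, per the advisory text above


def vulnerable_lock_entries(lock_json):
    """Versions of phpmailer/phpmailer in a composer.lock document that predate FIXED."""
    lock = json.loads(lock_json)
    hits = []
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name", "").lower() != "phpmailer/phpmailer":
            continue
        m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", pkg.get("version", ""))
        # Unparseable versions (branch aliases and the like) are flagged for manual review.
        if m is None or tuple(map(int, m.groups())) < FIXED:
            hits.append(pkg.get("version", ""))
    return hits


def msghtml_calls_without_basedir(php_source):
    """1-based line numbers of msgHTML() calls that pass only the message argument."""
    hits = []
    for m in re.finditer(r"->\s*msgHTML\s*\(", php_source, re.IGNORECASE):
        depth, commas, quote, i = 1, 0, None, m.end()
        while i < len(php_source) and depth:
            ch = php_source[i]
            if quote:
                if ch == "\\":
                    i += 1  # skip the escaped character inside a string literal
                elif ch == quote:
                    quote = None
            elif ch in "'\"":
                quote = ch
            elif ch in "([":
                depth += 1
            elif ch in ")]":
                depth -= 1
            elif ch == "," and depth == 1:
                commas += 1  # a top-level comma means a second argument (basedir) is passed
            i += 1
        if commas == 0:
            hits.append(php_source.count("\n", 0, m.start()) + 1)
    return hits


# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = '{"packages": [{"name": "phpmailer/phpmailer", "version": "v5.2.21"}]}'
SAMPLE_PHP = "<?php\n$mail->msgHTML($_POST['body']);\n$mail->msgHTML($tpl, __DIR__ . '/img');\n"
```

The call scan is a text heuristic for code review, not a PHP parser. A flagged call only matters when the HTML it receives is user-supplied and unfiltered.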